Partner Article

How to safeguard your system against ‘malvertisements’

If you think that online ads are just an annoyance, think again. One of the ways criminals harvest malware onto your computer is through the use of malicious online advertisements, commonly known as ‘malvertisements’.

Cybercriminals use two common methods to spread malware via malicious advertising. One entails exploiting Internet users’ trust by hacking trusted websites and injecting malware into legitimate third-party banners and online ads. Recent examples of credible sites that have been hacked and used by cybercriminals to insert viruses in the ads include The New York Times and The London Stock Exchange.

Alternatively, hackers may take a more sophisticated approach of first posing as trustworthy companies. They’ll initially place several ‘clean’ ads on reputable websites that host third-party ads, leave them running to gain traction, and then launch their attack by inserting malware into the code behind their ads.

Both approaches allow attackers to infect as many computers as possible in a short amount of time. By clicking seemingly innocent online ads, users are directly infected or redirected to a malicious site which tricks the user into copying viruses or spyware. With some malvertisements, victims do not even have to physically click on the malicious ad itself. Just having the malvertisement pop up on your screen is enough to unleash the malware onto your computer, and can result in the theft of sensitive data such as personal information and banking details.

What makes malvertising attacks so powerful is that they can infect thousands of sites at once by infiltrating popular syndicated online ad services. Websites that run third-party ads can’t do much to protect their visitors from these malvertisements because syndicated ads are not under their direct control. After the damage is done, attackers can easily remove or discontinue their ads. And because the ad network infrastructure is often highly complex, criminals accomplish their attacks without trace.

Although online ads –and consequently ‘malvertisements’- are commonplace on the Internet, there are several steps which users can take to safeguard their systems:

• Update. Make sure your operating system, browser, and browser plug-ins are up-to-date. This is one way to defend your system against attackers who look for opportunities to exploit vulnerabilities, like outdated software on your computer – this is a key tactic for today’s cybercriminals.

• Stay Secure. Install an antivirus and two-way firewall and make sure your security software is up-to-date to keep your system protected from the latest malware attacks.

•Be Cautious. Don’t click on any pop-ups that state you’ve won a prize. And beware of scareware pop-ups that claim your computer has been infected with a virus. These rogue security solutions are popular among cybercriminals who can use these applications to infect your system.

•Block. Use your pop-up blocker or install an ad block add-on through your browser of choice (such as Firefox, Internet Explorer or Google Chrome). A pop-up ad can deliver a malicious payload as soon as the ad appears on the viewer’s screen. And in some cases, the malware will execute when the viewer clicks the “X” to close the pop-up window.

•Weekend-wary. Be especially careful of your browsing activity on the weekend. Cybercriminals tend to launch malvertising campaigns during off-peak times when IT resources are low and attacks are likely to go unnoticed.

Keep in mind that as companies continue to target people with online ads, malvertising will only become more prevalent. These are just a few ways to make sure any applications running on your system are legitimate and that you are never caught off-guard or tempted to click on what could quite possibly be not just an annoying but dangerous ad.

This was posted in Bdaily's Members' News section by Eytan Segal .